If you’re concerned about your privacy, you have to be concerned about whoever is carrying your Internet traffic. They can store your data and give it to others if they’re so inclined. If you travel to different countries, especially ones that arrest and punish people for unpopular forms of expression, this can become a serious concern. Sometimes it’s a concern even in your hometown.
Connecting to the Internet through a mobile phone means sending and receiving all your data through the mobile carrier. If you use an unsecured (HTTP) website, it can read everything you send and receive. Whether your connection is secure or not, it can see what sites you visit. Even if it collects information only for “diagnostic purposes,” a data breach could let other people see whatever the carrier has acquired.
The CarrierIQ scandal
In 2011, the software company CarrierIQ was at the center of a controversy. Its software, which was installed on many mobile phones, collected information on users and sent it to service providers. Some of the claims about it proved to be exaggerated, but it collected enough to be very disturbing. The information obtained included GPS data, URLs, incoming and outgoing phone numbers, and applications. It also produced debugging logs that could leak additional information.
The software operated without the users’ consent or knowledge. The big companies, such as Apple and Google, were quick to deny collecting any personal information. The information could serve legitimate purposes for improving the quality of service, but aggregating location information, applications, and sites visited could put some users in danger.
Law enforcement gone wrong
Law enforcement agencies can compel carriers to turn over information about users. Carriers may not always insist on a court order, and some orders may be far too broad. The federal government’s intelligence agencies get the spotlight, but local police departments may be worse. Some of them are more likely to go on fishing expeditions and target individuals without cause than the NSA is. They’re also more likely to be careless about protecting it.
The mantra is “You aren’t interesting enough,” and it’s true that most of the people who are interesting to spy agencies already know it. It’s much easier, though, to become “interesting” to a power-hungry local politician who doesn’t like criticism.
“Tower dumps” collect all data from a cell tower, whether the people using it are under suspicion or not. In most places, the police don’t need a warrant to get a dump. They can keep the information indefinitely. In 2016, Verizon alone granted 14,630 orders or warrants for tower dumps in 2016.
The Stingray device, which is popular with law enforcement, impersonates a cell tower. It’s a legal form of wireless wiretapping. The agency which has it can collect any unencrypted traffic that goes through it. A court order is generally required, but all that’s necessary is for the police to assert that its use is relevant to an investigation. The order is a “pen register order,” a type that was originally intended for tapping a single telephone line. Some states now require a search warrant for using a Stingray, but many don’t.
Finding out how widely used Stingrays are is difficult since police departments often use them in secret.
Selling browsing histories
The United States doesn’t have any prohibitions against sale of users’ browsing histories by service providers. Unencrypted connections let carriers collect the exact URL. Encrypted ones still show the domain which the user is connecting to; that can’t be encrypted without hiding the information necessary to make a connection.
“Private browsing” mode is no protection. It hides cookies and Internet history within the browser, but it doesn’t affect what goes out on the Internet. A service provider can still collect all browsing history.
The carrier can sell the information to a marketing company, which might deliver online ads based on it. If the result is an increase in ads for fast-food places, that’s only mildly annoying. If the ads are for supposed remedies for a serious disease, they could be distressing. If family members use the same computer, they might get clues about a condition which the user is trying to hide.
What mobile carriers know
Most people use mobile phones on a subscription plan. They pay with a credit card or otherwise disclose their identity. Mobile carriers have all the data necessary to associate Internet access with the device’s owner, who is likely to be the person using it.
When people use dedicated apps rather than browsers, they may not have any security at all. Some apps send and receive all data in cleartext. Email also is unencrypted by default, though some services use encrypted connections.
Carriers can identify types of traffic. They can recognize a VoIP phone call, for example, even if they can’t decipher the content. They can tell what service is carrying the call.
Protection through a VPN
A virtual private network, or VPN, encrypts all the traffic between a user and a server. This includes URLs, headers, and email messages. The carrier can see the VPN server’s IP address, but nothing more than that. Having a VPN defeats many forms of surveillance.
Most people who know about VPNs think of them as a secure way to connect with an employer’s network. That’s one type of VPN, but others serve as a way to keep a service provider from viewing a user’s Internet activity. The connection goes out from this type of VPN to the Internet, but at that point, it’s far removed from the originating device. A really determined effort would be necessary to match up the traffic with its point of origin. You could think of it as a highly secure proxy service.
What a VPN does is to protect one of the most vulnerable links in the communication chain. Keeping all information secure as it goes through eliminates many of the common types of spying.
Not just any VPN will do, though. It needs to be more trustworthy than the wireless carrier. VPN technology is similar across most VPN providers. What separates one from another is are they collecting info on you while claiming they are protecting you? Here are a few other important items to look for when choosing a VPN provider:
- No App Requirement: VPN services should be private. Most VPN providers use apps to select VPN locations and manage preferences and account info. Apps installed on a mobile device can be used to track your location, learn where you are versus what VPN server you choose, and collect analytics. While an app may be used to make access easier, an app-less service is that much more secure.
- No Logging: Use a service that will ensure your privacy. Using no logs to collect your activity. Specifically, no logging DNS queries, browser history, location or traffic, any specific content. And as mentioned above, not using an app that tracks your location.
- Not “Foreign” Based: Choose a company that has an impeccable reputation and a solid history. You should know who the company is before you “trust” your security to them. Can you reach them? Do they have people that you can talk to? Are they overseas? Use a company with a solid reputation and is based in the USA. Did you know that more than half of VPN companies are owned or have ties to China?
When you use NetsanityVPN, you’re dealing with a company that is committed to protecting your privacy. You can browse with confidence that your carrier isn’t snooping on you. NetsanityVPN uses the proven technology and security that Netsanity is known for. After protecting kids all over the world, with our parental control service, NetsanityVPN offers customers with Apple and some Android devices a secure way to connect and communicate through the public internet without any privacy or logging concerns. NetsanityVPN provides customers with secure connectivity without the need for any app to be downloaded from the app store. During our beta and initial launch period, NetsanityVPN will target US-based consumers. After the successful beta, Netsanity will offer convenient and automatically-configured VPN servers globally. Try NetsanityVPN free for 7 days.